<?php
include("../../tools/session.php");
include("../../tools/controls.php");
include("../../tools/pub.php");

// Access gate. A visitor whose login did not succeed is handed to
// session_hop_page("../index.php"); a logged-in user who fails
// power_check(0) is shown the "no-power" template. Both paths stop here.
if ($is_login_success !== true)
{
    session_hop_page("../index.php");
    exit();
}

// NOTE(review): this page edits user permissions, yet it is gated only by
// power 0. The user listing further down appends "0" to every user's power
// list, which suggests 0 may be a baseline permission held by everyone.
// Confirm that power_check(0) is the intended gate for this page.
if (!power_check(0))
{
    include("tpl-inc-wp.php");
    $tpl->display($oa_tpl_path . "/no-power.html");
    exit();
}

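/*-- Page body: dispatch on the posted page_status field --*/
// A missing field is treated like an empty one (render the default page)
// instead of raising an undefined-index notice.
$page_status = isset($_POST["page_status"]) ? $_POST["page_status"] : null;
if (!$page_status)
{
    // No step requested: render the permission-management page.
    include("tpl-inc-wp.php");
    $tpl->display($oa_tpl_path . "/default/user_power.html");
}
// page_status 1: list the users of one section as an XML document.
elseif ($page_status == 1)
{
    // section_id is concatenated into the SQL text below, so it must be a
    // plain integer. filter_var() returns an int, or false for anything else
    // (missing field, array, text, SQL fragments).
    // NOTE(review): if db_query() supports bound parameters, prefer those.
    $section_id = filter_var(
        isset($_POST["section_id"]) ? $_POST["section_id"] : null,
        FILTER_VALIDATE_INT
    );

    // NOTE(review): pub.php is already included at the top of this file; if it
    // declares functions, this second include would fail. Confirm, and
    // consider include_once.
    include("../../tools/pub.php");
    include("../../tools/mysql.php");
    db_connect();

    header("content-type: text/xml");
    echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
    echo "<users>\n";

    // An invalid section_id never reaches the database; the response is an
    // empty <users> list.
    if ($section_id === false)
    {
        $re = array();
    }
    else
    {
        $sql = "SELECT id, username, power_add, power_trim FROM view_user WHERE section_id=" . $section_id;
        $re = db_query($sql);
    }

    foreach ($re as $v)
    {
        // Effective powers = granted list minus trimmed list, plus "0",
        // which is appended for every user.
        $array_power_add = explode(",", (string) $v["power_add"]);
        $array_power_trim = explode(",", (string) $v["power_trim"]);
        $power = join(",", array_merge(
            array_del_from_another($array_power_add, $array_power_trim),
            array("0")
        ));

        // Stored values are escaped before being written as XML text, so a
        // username containing <, > or & cannot break or extend the document.
        echo "<item>\n";
        echo "<id>" . htmlspecialchars((string) $v["id"], ENT_QUOTES, "UTF-8") . "</id>\n";
        echo "<name>" . htmlspecialchars((string) $v["username"], ENT_QUOTES, "UTF-8") . "</name>\n";
        echo "<power>" . htmlspecialchars($power, ENT_QUOTES, "UTF-8") . "</power>\n";
        echo "</item>\n";
    }

    echo "</users>\n";
}
// page_status 2: overwrite one user's power_add list.
elseif ($page_status == 2)
{
    // NOTE(review): this branch changes permissions from POST fields alone and
    // no anti-CSRF token check is visible in this file. Confirm the included
    // session/controls helpers enforce one.

    // Both values are concatenated into the UPDATE statement, so both are
    // validated first: uid must be an integer, and power may only contain
    // letters, digits, underscores and commas (nothing that can close the
    // quoted SQL string).
    // NOTE(review): tighten the pattern to digits and commas if power ids are
    // purely numeric; prefer bound parameters if db_exec() supports them.
    $uid = filter_var(
        isset($_POST["uid"]) ? $_POST["uid"] : null,
        FILTER_VALIDATE_INT
    );
    $power = isset($_POST["power"]) ? $_POST["power"] : "";
    $power_ok = is_string($power) && preg_match('/\A[A-Za-z0-9_,]*\z/', $power) === 1;

    include("../../tools/mysql.php");
    db_connect();

    $log_str = array("修改用户（ID: " . $uid . "）权限成功！", "修改用户权限失败！");

    if ($uid === false || !$power_ok)
    {
        // Rejected input is reported as a failed update without running any
        // SQL. Presumably a false status selects the failure message; verify
        // against check_status_write_to_log().
        $status = false;
    }
    else
    {
        $sql = "UPDATE `user` SET `power_add`='" . $power . "' WHERE id=" . $uid;
        $status = db_exec($sql);
    }

    echo check_status_write_to_log($status, $log_str, FALSE);
}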
?>
